The fifth generation (5G) of wireless technology represents a complete transformation of telecommunication networks, introducing a wealth of benefits that will pave the way for new capabilities, and support connectivity for applications like smart cities, autonomous vehicles, and telemedicine. It will transform the digital landscape and serve as a catalyst for innovation, new markets, and economic growth around the world. As tens of billions of new devices will be connected to the Internet through 5G, these connections will empower a vast array of new and enhanced critical infrastructure services.
CISA, through the NRMC, is leading risk mitigation efforts across the federal government by working with government and industry partners to ensure the security and resiliency of 5G technology in our Nation.
August 24, 2020: We are pleased to announce the publication of the CISA 5G Strategy, which seeks to advance the development and deployment of a secure and resilient 5G infrastructure, one that promotes national security, data integrity, technological innovation, and economic opportunity for the United States and its allied partners. In addition, we have released a 5G Basics Infographic to educate stakeholders on challenges and risks associated with 5G.
Download and share these resources to help raise awareness of the importance of 5G security and resilience.
Roughly every ten years, a new generation of mobile communications networks is released, bringing faster speeds and increased capabilities. The first generation (1G) of wireless networks brought the very first cellphones; 2G brought improved coverage and texting; 3G introduced voice with data/internet; and 4G Long-Term Evolution (LTE) delivered increased speeds to keep up with mobile data demand. 5G represents a complete transformation of telecommunication networks, introducing a wealth of benefits such as:
100x Faster Download Speeds: 5G brings about much higher data rates. While a 3 GB movie would take 40 minutes to download on 4G, it would take only 35 seconds on a 5G network.
100x Network Capacity: 5G promises greater traffic capacity, allowing for millions of devices to be connected on the same network within a small area.
10x Lower Latency: 5G brings near-real-time interactivity, with data response times as low as 1 millisecond, providing endless possibilities from remote surgery to self-driving cars.
When Will 5G Be Available?
Widespread usage of standalone 5G networks is not expected until at least 2022. Initial 5G deployment will operate on a non-standalone network, relying on existing telecommunications infrastructure (i.e., 4G), and is being rolled out incrementally across several U.S. cities. Additionally, the exponentially growing number of connected devices will also utilize 4G, 4G Long-Term Evolution (LTE), and 4G/5G hybrid infrastructures to improve the bandwidth, capacity, and reliability of broadband services. The evolution from non-standalone to standalone 5G networks (which do not rely on existing infrastructure) will take years. But the goal remains to meet the increasing data and communication requirements, all while securely reaping the benefits and possibilities 5G brings.
The 3rd Generation Partnership Project (3GPP), a telecommunications standards organization, develops a series of releases that provide developers with a stable platform for the implementation of cellular telecommunication features. Releases 15, 16, and 17 focus on 5G.
Risks from 5G Deployment
While the deployment of 5G presents opportunities to enhance security and create better user experiences, there are several risks that should be considered. Specifically:
Supply Chain: The 5G supply chain is susceptible to the malicious or unintentional introduction of risks such as malicious software and hardware, counterfeit components, and poor designs, manufacturing processes, and maintenance procedures. 5G hardware, software, and services provided by untrusted entities could increase the risk of network asset compromise and affect data confidentiality, integrity, and availability.
Deployment: 5G will utilize more ICT components than previous generations of wireless networks. Municipalities, companies, and organizations may build their own local 5G networks, potentially increasing network vulnerabilities. Improperly deployed, configured, or managed 5G equipment and networks may be vulnerable to disruption and manipulation.
Network Security: 5G builds upon previous generations of wireless networks and is currently being integrated with 4G LTE networks that contain some legacy vulnerabilities. Some of these legacy vulnerabilities, whether accidental or maliciously inserted by untrusted suppliers, may affect 5G equipment and networks despite the integration of additional security enhancements.
Competition and Choice: Despite the development of standards designed to encourage interoperability, some companies, such as Huawei, build proprietary interfaces into their technologies. This limits customers’ choices to use other equipment. Lack of interoperability with other technologies and services limits the ability of trusted companies to compete in the 5G market.
Read/download the Overview of Risks Introduced by 5G Adoption in the United States.
CISA’s Role in 5G Adoption
In March 2020, the White House developed the National Strategy to Secure 5G, which expands upon the National Cyber Strategy and outlines how the Nation will safeguard 5G infrastructure domestically and abroad. As the Nation’s risk advisor, CISA is leading 5G risk mitigation efforts to ensure that the U.S. may fully benefit from 5G connectivity. Through its unique authorities, the Agency is working with interagency, industry, and international partners to ensure relevant policy, legal, security, and safety frameworks are in place to mitigate significant 5G risks. Critical infrastructure systems across all 16 sectors rely on ICT (including 5G components when deployed) for the operation of the National Critical Functions (NCFs), making this a priority initiative of the Agency.
As the Nation’s risk advisor, CISA oversees risk assessment, prioritization, and mitigation efforts for 5G systems in tandem with the industry, leveraging advanced technologies to make informed decisions regarding the NCFs and the systems that enable them. CISA supports several activities, including:
- Developing 5G policy, best practices, and standards that emphasize security and resilience to prevent attempts by threat actors to influence the design and architecture of 5G networks;
- Educating stakeholders on 5G supply chain risk, particularly around vendors, equipment, and networks to promote leading security practices within the public and private sector;
- Strengthening and securing existing infrastructure to support future 5G deployments by recommending improvements for existing 4G Long-Term Evolution (LTE) infrastructure and core networks;
- Catalyzing innovation in the 5G marketplace to foster trusted 5G vendors; and
- Assessing risk mitigation techniques on 5G use cases in order to share and popularize strategies that continue to secure the NCFs.
Partnership Enables 5G Security and Resilience
CISA works with industry leaders and public sector agencies to bring awareness to national critical infrastructure risk, as well as to educate and drive behavioral change towards the Nation’s relationship with ICT and other critical systems, including 5G technologies. Additionally, CISA plays an active role in the community – convening and supporting all levels of stakeholders, including private industry, State, Local, Tribal & Territorial (SLTT) governments, as well as end users to ensure that leading practices are adopted for active securitization and risk mitigation.
Private Industry: CISA often coordinates with 5G network providers, infrastructure technicians, and telecom companies to ensure that risk mitigation techniques are consistently applied across the network – both for existing 4G LTE and new 5G deployment. Through meaningful risk dialogues, industry working groups, and partnerships, CISA can provide extensive value to industry players looking to shore up their security apparatus.
SLTT Government: CISA engages with all levels of federal and local government to ensure that regional applications of 5G technology are properly developed, deployed and monitored. Through regional workshops with SLTT partners, CISA is ensuring that all regions and levels of local government have the know-how and authority to implement meaningful protections around critical infrastructure.
End Users: CISA has developed resources for educational purposes. The resources are not exhaustive; however, they may be helpful for understanding the key elements of 5G and security.
CISA developed these resources as voluntary tools for secure adoption and implementation of 5G technologies. Any analysis of 5G vulnerabilities represents the beginning of CISA’s thinking on this issue, not the culmination of it. These resources are not an exhaustive risk summary or technical review of attack methodologies.
For questions or comments, email 5G@cisa.dhs.gov.